Redirecting http to https

Signed-off-by: Walamana <joniogerg@gmail.com>
2017-11-27 18:27:05 +01:00
parent 96500de584
commit c056d02790
63 changed files with 4077 additions and 0 deletions

170
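--- a/node_modules/express-force-ssl/.npmignore
+++ b/node_modules/express-force-ssl/.npmignore
@@ -0,0 +1,170 @@
+#################
+## JetBrains
+#################
+.idea/
+#################
+## Eclipse
+#################
+*.pydevproject
+.project
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+# External tool builders
+.externalToolBuilders/
+# Locally stored "Eclipse launch configurations"
+*.launch
+# CDT-specific
+.cproject
+# PDT-specific
+.buildpath
+#################
+## Visual Studio
+#################
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+# Build results
+[Dd]ebug/
+[Rr]elease/
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.vspscc
+.builds
+*.dotCover
+## TODO: If you have NuGet Package Restore enabled, uncomment this
+#packages/
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+# Visual Studio profiler
+*.psess
+*.vsp
+# ReSharper is a .NET coding add-in
+_ReSharper*
+# Installshield output folder
+[Ee]xpress
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+# Click-Once directory
+publish
+# Others
+[Bb]in
+[Oo]bj
+sql
+TestResults
+*.Cache
+ClientBin
+stylecop.*
+~$*
+*.dbmdl
+Generated_Code #added for RIA/Silverlight projects
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+############
+## Windows
+############
+# Windows image file caches
+Thumbs.db
+# Folder config file
+Desktop.ini
+#############
+## Python
+#############
+*.py[co]
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+# Installer logs
+pip-log.txt
+# Unit test / coverage reports
+.coverage
+.tox
+#Translations
+*.mo
+#Mr Developer
+.mr.developer.cfg
+# Mac crap
+.DS_Store
+node_modules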

21
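--- a/node_modules/express-force-ssl/LICENSE
+++ b/node_modules/express-force-ssl/LICENSE
@@ -0,0 +1,21 @@
+(The MIT License)
+Copyright (c) 2013 Jeremy Battle <jeremy@jeremybattle.com>
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the 'Software'), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.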

208
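--- a/node_modules/express-force-ssl/README.md
+++ b/node_modules/express-force-ssl/README.md
@@ -0,0 +1,208 @@
+express-force-ssl
+=================
+Extremely simple middleware for requiring some or all pages
+to be visited over SSL.
+Installation
+------------
+````
+$ npm install express-force-ssl
+````
+Configuration
+=============
+As of v0.3.0 there are some configuration options
+-------------------------------------------------
+**NEW Settings Option**
+```javascript
+app.set('forceSSLOptions', {
+enable301Redirects: true,
+trustXFPHeader: false,
+httpsPort: 443,
+sslRequiredMessage: 'SSL Required.'
+});
+```
+**enable301Redirects** - Defaults to ***true*** - the normal behavior is to 301 redirect GET requests to the https version of a
+website. Changing this value to ***false*** will cause even GET requests to 403 SSL Required errors.
+**trustXFPHeader** - Defaults to ***false*** - this behavior is NEW and will be default NOT TRUST X-Forwarded-Proto which
+could allow a client to spoof whether or not they were on HTTPS or not. This can be changed to ***true*** if you are
+behind a proxy where you trust the X-Forwarded-Proto header.
+**httpsPort** - Previous this value was set with app.set('httpsPort', :portNumber) which is now deprecated. This value
+should now be set in the forceSSLOptions setting.
+**sslRequiredMessage** - Defaults to ***SSL Required.*** This can be useful if you want to localize your error messages.
+Per-Route SSL Settings are now possible
+---------------------------------------
+Settings in your forceSSLOptions configuration will act as default settings for your app. However, these values can
+be overridden by setting *res.locals* values before the the express-force-ssl middleware is run. For example:
+```javascript
+app.set('forceSSLOptions', {
+enable301Redirects: false
+});
+app.get('/', forceSSL, function (req, res) {
+//this route will 403 if accessed via HTTP
+return res.send('HTTPS only.');
+});
+function allow301 (req, res, next) {
+res.locals.forceSSLOptions = {
+enable301Redirects: true
+};
+next();
+}
+app.get('/allow', allow301, forceSSL, function (req, res) {
+//this route will NOT 403 if accessed via HTTP
+return res.send('HTTP or HTTPS');
+});
+```
+Examples
+========
+Force SSL on all pages
+----------------------
+```javascript
+var express = require('express');
+var forceSSL = require('express-force-ssl');
+var fs = require('fs');
+var http = require('http');
+var https = require('https');
+var ssl_options = {
+key: fs.readFileSync('./keys/private.key'),
+cert: fs.readFileSync('./keys/cert.crt'),
+ca: fs.readFileSync('./keys/intermediate.crt')
+};
+var app = express();
+var server = http.createServer(app);
+var secureServer = https.createServer(ssl_options, app);
+app.use(express.bodyParser());
+app.use(forceSSL);
+app.use(app.router);
+secureServer.listen(443)
+server.listen(80)
+```
+Only certain pages SSL
+----------------------
+```javascript
+var express = require('express');
+var forceSSL = require('express-force-ssl');
+var fs = require('fs');
+var http = require('http');
+var https = require('https');
+var ssl_options = {
+key: fs.readFileSync('./keys/private.key')
+cert: fs.readFileSync('./keys/cert.crt')
+ca: fs.readFileSync('./keys/intermediate.crt')
+};
+var app = express();
+var server = http.createServer(app);
+var secureServer = https.createServer(ssl_options, app);
+app.use(express.bodyParser());
+app.use(app.router);
+app.get('/', somePublicFunction);
+app.get('/user/:name', somePublicFunction);
+app.get('/login', forceSSL, someSecureFunction);
+app.get('/logout', forceSSL, someSecureFunction);
+secureServer.listen(443)
+server.listen(80)
+```
+Custom Server Port Support
+--------------------------
+If your server isn't listening on 80/443 respectively, you can change this pretty simply.
+```javascript
+var app = express();
+app.set('forceSSLOptions', {
+httpsPort: 8443
+});
+var server = http.createServer(app);
+var secureServer = https.createServer(ssl_options, app);
+...
+secureServer.listen(443)
+server.listen(80)
+```
+Test
+----
+```
+npm test
+```
+Change Log
+==========
+**v0.3.2** - Updated README to remove typo. Thanks @gswalden
+**v0.3.1** - Updated README to remove deprecated usage and fix some typos. Thanks @Alfredo-Delgado and @glennr
+**v0.3.0** - Added additional configuration options, ability to add per route configuration options
+**v0.2.13** - Bug Fix, thanks @tatepostnikoff
+**v0.2.12** - Bug Fix
+**v0.2.11** - Updated README to fix usage example typo and formatting fixes
+**v0.2.10** - Updated README for npmjs.com markdown changes
+**v0.2.9** - More modular tests.
+**v0.2.8** - Now sends 403 SSL Required error when HTTP method is anything but GET.
+This will prevent a POST/PUT etc with data that will end up being lost in a redirect.
+**v0.2.7** - Additional Test cases. Added example server.
+**v0.2.6** - Added Tests
+**v0.2.5** - Bug Fix
+**v0.2.4** - Now also checking X-Forwarded-Proto header to determine SSL connection
+Courtesy of @ronco
+**v0.2.3** - Update README
+**v0.2.2** - Redirect now gives a 301 permanent redirection HTTP Status Code
+Courtesy of @tixz
+**v0.2.0** - Added support for ports other than 80/443 for non-secure/secure ports.
+For example, if you host your non-ssl site on port 8080 and your secure site on 8443, version 0.1.x did not support it.
+Now, out of the box your non-ssl site port will be recognized, and to specify a port other than 443 for your ssl port
+you just have to add a setting in your express config like so:
+**Update, this method of setting httpsPort is deprecated as of v 0.3.0**
+````javascript
+app.set('httpsPort', 8443);
+````
+and the plugin will check for it and use it. Defaults to 443 of course.
+**v0.1.1** - Bug fix
+Courtesy of @timshadel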

34
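--- a/node_modules/express-force-ssl/examples/example.js
+++ b/node_modules/express-force-ssl/examples/example.js
@@ -0,0 +1,34 @@
+var express = require('express')
+, forceSSL = require('./../index')
+, fs = require('fs')
+, http = require('http')
+, https = require('https')
+;
+var ssl_options = {
+key: fs.readFileSync('./test/keys/localhost.key'),
+cert: fs.readFileSync('./test/keys/localhost.crt'),
+ca: fs.readFileSync('./test/keys/localhost.crt')
+};
+var app = express();
+var server = http.createServer(app);
+var secureServer = https.createServer(ssl_options, app);
+app.get('/', function(req, res){
+res.json({msg: 'accessible by http'});
+});
+app.get('/ssl', forceSSL, function(req, res){
+res.json({msg: 'only https'});
+});
+app.get('/ssl/deep/route/:id', forceSSL, function(req, res){
+var host = req.headers.host.split(':');
+var port = host.length > 1 ? host[1] : 'default port';
+res.json({msg: 'only https, port: ' + port, id: req.param('id')});
+});
+app.set('httpsPort', 8443);
+secureServer.listen(8443);
+server.listen(8080);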

80
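--- a/node_modules/express-force-ssl/index.js
+++ b/node_modules/express-force-ssl/index.js
@@ -0,0 +1,80 @@
+var parseUrl = require('url').parse;
+var assign = require('lodash.assign');
+function isSecure (secure, xfpHeader, trustXFPHeader) {
+xfpHeader = xfpHeader ? xfpHeader.toString().toLowerCase() : '';
+if (secure) {
+return true;
+}
+return trustXFPHeader && xfpHeader === 'https'
+}
+function shouldRedirect (redirectsEnabled, method) {
+if (!redirectsEnabled) {
+return false
+}
+return method === "GET";
+}
+function checkForDeprecation (appSettings, optionsHttpsPort) {
+var httpsPort = appSettings.get('httpsPort');
+if (appSettings.get('env') === 'development') {
+if (httpsPort) {
+console.warn('express-force-ssl deprecated: app.set("httpsPort", ' + httpsPort + '), use ' +
+'app.set("forceSSLOptions", { httpsPort: ' + httpsPort + ' }) instead.');
+}
+if (httpsPort && optionsHttpsPort) {
+console.warn('You have set both app.get("httpsPort") and app.get("forceSSLOptions").httpsPort ' +
+'Your app will use the value in forceSSLOptions.');
+}
+}
+}
+module.exports = function(req, res, next){
+var redirect;
+var secure;
+var xfpHeader = req.get('X-Forwarded-Proto');
+var localHttpsPort;
+var appHttpsPort = req.app.get('httpsPort');
+var httpsPort;
+var fullUrl;
+var redirectUrl;
+var options = {
+trustXFPHeader: false,
+enable301Redirects: true,
+httpsPort: false,
+sslRequiredMessage: 'SSL Required.'
+};
+var expressOptions = req.app.get('forceSSLOptions') || {};
+var localOptions = res.locals.forceSSLOptions || {};
+localHttpsPort = localOptions.httpsPort;
+assign(options, expressOptions, localOptions);
+secure = isSecure(req.secure, xfpHeader, options.trustXFPHeader);
+redirect = shouldRedirect(options.enable301Redirects, req.method);
+if (!secure) {
+if (redirect) {
+checkForDeprecation(req.app, options.httpsPort);
+httpsPort = localHttpsPort || options.httpsPort || appHttpsPort || 443;
+fullUrl = parseUrl(req.protocol + '://' + req.header('Host') + req.originalUrl);
+//intentionally allow coercion of https port
+redirectUrl = 'https://' + fullUrl.hostname + (httpsPort == 443 ? '' : (':' + httpsPort)) + req.originalUrl;
+res.redirect(301, redirectUrl);
+} else {
+res.status(403).send(options.sslRequiredMessage);
+}
+} else {
+delete res.locals.forceSSLOptions;
+next();
+}
+};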

79
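--- a/node_modules/express-force-ssl/package.json
+++ b/node_modules/express-force-ssl/package.json
@@ -0,0 +1,79 @@
+{
+"_from": "express-force-ssl@^0.3.2",
+"_id": "express-force-ssl@0.3.2",
+"_inBundle": false,
+"_integrity": "sha1-AbK0mK5v0uQRUrIrV6Phc3c69n4=",
+"_location": "/express-force-ssl",
+"_phantomChildren": {},
+"_requested": {
+"type": "range",
+"registry": true,
+"raw": "express-force-ssl@^0.3.2",
+"name": "express-force-ssl",
+"escapedName": "express-force-ssl",
+"rawSpec": "^0.3.2",
+"saveSpec": null,
+"fetchSpec": "^0.3.2"
+},
+"_requiredBy": [
+"#USER",
+"/"
+],
+"_resolved": "https://registry.npmjs.org/express-force-ssl/-/express-force-ssl-0.3.2.tgz",
+"_shasum": "01b2b498ae6fd2e41152b22b57a3e173773af67e",
+"_spec": "express-force-ssl@^0.3.2",
+"_where": "C:\\Users\\jonio\\Documents\\Programmieren\\Miniportal\\Neu\\MiniportalAPI",
+"author": {
+"name": "Jeremy Battle",
+"email": "@complexcarb",
+"url": "http://jeremybattle.com"
+},
+"bugs": {
+"url": "http://github.com/battlejj/express-force-ssl/issues"
+},
+"bundleDependencies": false,
+"contributors": [
+{
+"name": "Jeremy Battle",
+"email": "battlejj@gmail.com"
+}
+],
+"dependencies": {
+"lodash.assign": "^3.2.0"
+},
+"deprecated": false,
+"description": "Force SSL on particular/all pages in Express",
+"devDependencies": {
+"body-parser": "^1.9.0",
+"chai": "^1.9.1",
+"express": "^4.9.4",
+"mocha": "^1.21.4",
+"request": "^2.44.0"
+},
+"engines": {
+"node": ">=0.2.2"
+},
+"homepage": "http://github.com/battlejj/express-force-ssl",
+"keywords": [
+"ssl",
+"tls",
+"https",
+"express"
+],
+"licenses": [
+{
+"type": "MIT",
+"url": "http://github.com/battlejj/express-force-ssl/raw/master/LICENSE"
+}
+],
+"main": "index",
+"name": "express-force-ssl",
+"repository": {
+"type": "git",
+"url": "git://github.com/battlejj/express-force-ssl.git"
+},
+"scripts": {
+"test": "mocha test"
+},
+"version": "0.3.2"
+}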

140
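--- a/node_modules/express-force-ssl/test/http.js
+++ b/node_modules/express-force-ssl/test/http.js
@@ -0,0 +1,140 @@
+var chai = require('chai')
+, expect = chai.expect
+, request = require('request')
+, server
+, baseurl
+, secureBaseurl
+, SSLRequiredErrorText
+;
+before(function () {
+server = require('./server')({ httpPort: 8080, httpsPort: 8443 });
+baseurl = 'http://localhost:' + server.port;
+secureBaseurl = 'https://localhost:' + server.securePort;
+SSLRequiredErrorText = 'SSL Required.';
+});
+describe('Test standard HTTP behavior.', function(){
+it('Should not be redirected to SSL on non "SSL Only" endpoint.', function(done){
+request.get({
+url: baseurl,
+followRedirect: false,
+strictSSL: false
+}, function (error, response){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+done();
+});
+});
+it('Should receive a 301 redirect on "SSL Only" endpoint.', function(done){
+var originalDestination = baseurl + '/ssl';
+var expectedDestination = secureBaseurl + '/ssl';
+request.get({
+url: originalDestination,
+followRedirect: false,
+strictSSL: false
+}, function (error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(301);
+expect(response.headers.location).to.equal(expectedDestination);
+done();
+});
+});
+it('Should end up at secure endpoint on "SSL Only" endpoint.', function(done){
+var originalDestination = baseurl + '/ssl';
+var expectedDestination = secureBaseurl + '/ssl';
+request.get({
+url: originalDestination,
+followRedirect: true,
+strictSSL: false
+}, function (error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+expect(response.request.uri.href).to.equal(expectedDestination);
+done();
+});
+});
+/*
+I think these next two tests are completely redundant, but someone once opened an issue about this
+because they incorrectly configured their express server, so I had to write tests against his use case
+to prove this isn't actually a problem.
+*/
+it('Should receive a 301 redirect on a deeply nested "SSL Only" endpoint.', function(done){
+var id = 12983498;
+var originalDestination = baseurl + '/ssl/nested/route/' + id;
+var expectedDestination = secureBaseurl + '/ssl/nested/route/' + id;
+request.get({
+url: originalDestination,
+followRedirect: false,
+strictSSL: false
+}, function (error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(301);
+expect(response.headers.location).to.equal(expectedDestination);
+done();
+});
+});
+it('Should end up at secure endpoint on a deeply nested "SSL Only" endpoint.', function(done){
+var id = 233223625745;
+var originalDestination = baseurl + '/ssl/nested/route/' + id;
+var expectedDestination = secureBaseurl + '/ssl/nested/route/' + id;
+request.get({
+url: originalDestination,
+followRedirect: true,
+strictSSL: false
+}, function (error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+expect(response.request.uri.href).to.equal(expectedDestination);
+done();
+});
+});
+it('Should successfully POST data to non "SSL Only" endpoint.', function(done){
+var destination = baseurl + '/echo';
+var postData = { key1: 'Keyboard.', key2: 'Cat.'};
+request.post({
+url: destination,
+followRedirect: true,
+strictSSL: false,
+form: postData
+}, function(error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+expect(response.request.uri.href).to.equal(destination);
+expect(body).to.equal(JSON.stringify(postData));
+done();
+});
+});
+it('Should receive 403 error when POSTing data to "SSL Only" endpoint.', function(done){
+var destination = baseurl + '/sslEcho';
+var postData = { key1: 'Keyboard.', key2: 'Cat.'};
+request.post({
+url: destination,
+followRedirect: true,
+strictSSL: false,
+form: postData
+}, function(error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(403);
+expect(response.request.uri.href).to.equal(destination);
+expect(body).to.equal(SSLRequiredErrorText);
+done();
+});
+});
+});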


@@ -0,0 +1,102 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
;
before(function () {
server = require('./server')({ enable301Redirects: false, httpPort: 8090, httpsPort: 10443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
});
describe('Test HTTPS behavior when 301 redirects are disabled.', function() {
it('Should be able to get to SSL pages with no issue', function (done) {
var sslEndpoint = secureBaseurl + '/ssl';
request.get({
url: sslEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(body).to.equal('HTTPS only.');
done();
});
});
it('Non ssl pages should continue to work normally', function (done) {
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should receive a 403 error on "SSL Only" endpoint when accessed insecurely.', function (done) {
var originalEndpoint = baseurl + '/ssl';
request.get({
url: originalEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
it('Should successfully POST data to non "SSL Only" endpoint.', function (done) {
var destination = baseurl + '/echo';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(JSON.stringify(postData));
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint.', function (done) {
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});

63
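--- a/node_modules/express-force-ssl/test/https.js
+++ b/node_modules/express-force-ssl/test/https.js
@@ -0,0 +1,63 @@
+var chai = require('chai')
+, expect = chai.expect
+, request = require('request')
+, server
+, secureBaseurl
+, SSLRequiredErrorText
+;
+before(function () {
+server = require('./server')({ httpPort: 8086, httpsPort: 6443 });
+secureBaseurl = 'https://localhost:' + server.securePort;
+SSLRequiredErrorText = 'SSL Required.';
+});
+describe('Test standard HTTPS behavior.', function() {
+it('Should have no redirection from SSL on non "SSL Only" endpoint.', function (done) {
+request.get({
+url: secureBaseurl,
+followRedirect: false,
+strictSSL: false
+}, function (error, response, body) {
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+expect(body).to.equal('HTTP and HTTPS.');
+done();
+});
+});
+it('Should have no redirection from SSL on "SSL Only" endpoint.', function (done) {
+request.get({
+url: secureBaseurl + '/ssl',
+followRedirect: false,
+strictSSL: false
+}, function (error, response, body) {
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+expect(body).to.equal('HTTPS only.');
+done();
+});
+});
+it('Should successfully POST to an "SSL Only" endpoint.', function(done){
+var destination = secureBaseurl + '/sslEcho';
+var postData = { key1: 'Keyboard.', key2: 'Cat.'};
+request.post({
+url: destination,
+followRedirect: false,
+strictSSL: false,
+form: postData
+}, function(error, response, body){
+//noinspection BadExpressionStatementJS
+expect(error).to.not.exist;
+expect(response.statusCode).to.equal(200);
+expect(response.request.uri.href).to.equal(destination);
+expect(body).to.equal(JSON.stringify(postData));
+done();
+});
+});
+});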

21
node_modules/express-force-ssl/test/keys/localhost.crt generated vendored Normal file

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDeDCCAmACCQC+YKNm0V1QRTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJV
UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJSG9sbHl3b29kMSUwIwYD
VQQKExxleHByZXNzLWJhdHRsZW5ldC1vYXV0aC10ZXN0MQswCQYDVQQLEwJJVDES
MBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDgyODE3NDMyMFoXDTE3MDYxNzE3NDMy
MFowfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
CUhvbGx5d29vZDElMCMGA1UEChMcZXhwcmVzcy1iYXR0bGVuZXQtb2F1dGgtdGVz
dDELMAkGA1UECxMCSVQxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALWbWCg0evxLwD5Z1lmV9GJQkcBJkCY3yZNU2fvx
LcK+1PVo0a0aHjXPaBlaU5y3xgazPtU7T6H+DKgW5tKVPPcZsiIje8vwH/mE5U3I
IzmaxPJZPvpErCHSx9Ite4J7mrt2WcIAy95wjiu1//KkpHxpI11noTh87+6QqxV5
YZH2L0plHp5IzNJHdb8crvOEsV01g3ymjthQY9OXQHZm9+vHG3EjVzHB41Bh3Mk9
nq5cCUef10yHbTW8jusyf58CBO4y+ofYs7dlQjPpzmddpFYoIkjWspZWy+w/6+nP
VTkyNZr8jnAhNbjSdbZezpuq8qoCHoCK6XHPecrtJH9ToyECAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAE9+sbbiwLCPRwG24B4KB3eJ+IblNNsBJfvCuYneuyi1pWwCU
6BBotEWENFlIoUXO/yTR/uDvMfcvs5YmarIu3Suj5+qf0rL0b42317uGFvYBsVIA
0uG8/rFP8HyUCfKLZL2NvLkG1EaywlCW2MnfD6U6haTCUaAkaIpy6hHOU1P+dMDI
OuNyG6wdeujlx2WWyag7uqr5YeKpVEpmEZUa2Dr2O0aEIU3OByuxYY8/1fwbWkbC
GuOP88J/t6Ahs1DcqYsX+aE8OvMnEL6hhd1UqOUC2jh6DkxIxsQqakSRYb8PcSdL
3+5RREr8os2Futi06PR5+r67Hva/k+oaysAN+g==
-----END CERTIFICATE-----

17
node_modules/express-force-ssl/test/keys/localhost.csr generated vendored Normal file

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----

27
node_modules/express-force-ssl/test/keys/localhost.key generated vendored Normal file

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

82
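--- a/node_modules/express-force-ssl/test/server/index.js
+++ b/node_modules/express-force-ssl/test/server/index.js
@@ -0,0 +1,82 @@
+var bodyParser = require('body-parser')
+, express = require('express')
+, forceSSL = require('../../index')
+, fs = require('fs')
+, http = require('http')
+, https = require('https')
+;
+module.exports = function (options) {
+var ssl_options = {
+key: fs.readFileSync('./test/keys/localhost.key'),
+cert: fs.readFileSync('./test/keys/localhost.crt')
+};
+options = options || {};
+var httpPort = options.httpPort || 8080;
+var httpsPort = options.httpsPort || 8443;
+delete options.httpPort;
+var app = express();
+/*
+Allow for testing with POSTing of data
+*/
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(bodyParser.json());
+var server = http.createServer(app);
+var secureServer = https.createServer(ssl_options, app);
+/*
+Routes
+*/
+app.get('/', function (req, res) {
+res.send('HTTP and HTTPS.');
+});
+app.get('/ssl', forceSSL, function (req, res) {
+res.send('HTTPS only.');
+});
+app.get('/ssl/nested/route/:id', forceSSL, function (req, res) {
+var host = req.headers.host.split(':');
+var port = host.length > 1 ? host[1] : 'default port';
+res.send('HTTPS Only. Port: ' + port + '. Got param of ' + req.params.id + '.');
+});
+app.post('/echo', function (req, res) {
+res.json(req.body);
+});
+app.post('/sslEcho', forceSSL, function (req, res) {
+res.json(req.body);
+});
+app.get('/override', function (req, res, next) {
+res.locals.forceSSLOptions = {
+enable301Redirects: false
+};
+next();
+}, forceSSL, function (req, res) {
+res.json(req.body);
+});
+//Old Usage
+//app.set('httpsPort', httpsPort);
+app.set('forceSSLOptions', options);
+secureServer.listen(httpsPort);
+server.listen(httpPort);
+return {
+secureServer: secureServer,
+server: server,
+app: app,
+securePort: httpsPort,
+port: httpPort,
+options: options
+};
+};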


@@ -0,0 +1,91 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText = 'Custom SSL Required Message.'
;
before(function () {
server = require('./server')({
enable301Redirects: false,
httpPort: 8091,
httpsPort: 11443,
sslRequiredMessage: SSLRequiredErrorText
});
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
});
describe('Test HTTPS behavior when 301 redirects are disabled.', function () {
it('301 Redirect should be disabled by user setting', function (done) {
var endpoint = baseurl + '/ssl';
request.get({
url: endpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
done()
});
});
it('301 Redirect should be enabled by res.local setting', function (done) {
var sslEndpoint = secureBaseurl + '/override';
request.get({
url: sslEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('301 Redirect should be enabled by res.local setting', function (done) {
var sslEndpoint = secureBaseurl + '/override';
request.get({
url: sslEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Custom error text test', function (done) {
var endpoint = baseurl + '/ssl';
request.get({
url: endpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});


@@ -0,0 +1,133 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
, validHeader
, invalidHeader
;
before(function () {
server = require('./server')({ trustXFPHeader: true, httpPort: 8089, httpsPort: 9443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
validHeader = {
'X-Forwarded-Proto': 'https'
};
invalidHeader = {
'X-Forwarded-Proto': 'WrongProtocol'
};
});
describe('Test HTTPS behavior when X-Forwarded-Proto header exists and is trusted.', function(){
it('Should not be redirected to SSL on non "SSL Only" endpoint.', function(done){
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should not be redirected to SSL on "SSL Only" endpoint with valid X-Forwarded-Proto Header.', function(done){
var destination = baseurl + '/ssl';
request.get({
url: destination,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should get redirect to SSL on "SSL Only" endpoint with invalid X-Forwarded-Proto Header.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: false,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
expect(response.headers.location).to.equal(expectedDestination);
done();
});
});
it('Should get redirected to expected destination on "SSL Only" endpoint with invalid X-Forwarded-Proto ' +
'Header.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: true,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(expectedDestination);
done();
});
});
it('Should successfully POST data to "SSL Only" endpoint with valid X-Forwarded-Proto Header.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: validHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(JSON.stringify(postData));
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint with invalid X-Forwarded-Proto ' +
'Header.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: invalidHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});


@@ -0,0 +1,136 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
, validHeader
, invalidHeader
;
before(function () {
server = require('./server')({ httpPort: 8087, httpsPort: 7443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
validHeader = {
'X-Forwarded-Proto': 'https'
};
invalidHeader = {
'X-Forwarded-Proto': 'WrongProtocol'
};
});
describe('Test HTTPS behavior when X-Forwarded-Proto header exists but is not trusted.', function(){
it('Should not be redirected to SSL on non "SSL Only" endpoint.', function(done){
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should be redirected to SSL on "SSL Only" endpoint with valid but untrusted X-Forwarded-Proto Header.',
function(done){
var destination = baseurl + '/ssl';
request.get({
url: destination,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
done();
});
});
it('Should be redirect to SSL on "SSL Only" endpoint with invalid untrusted X-Forwarded-Proto Header.',
function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: false,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
expect(response.headers.location).to.equal(expectedDestination);
done();
});
});
it('Should be redirected to expected destination on "SSL Only" endpoint with invalid untrusted X-Forwarded-Proto ' +
'Header.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: true,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(expectedDestination);
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint with untrusted X-Forwarded-Proto Header.',
function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: validHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint with untrusted invalid X-Forwarded-Proto ' +
'Header.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: invalidHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});